dvb-s2 example pcap file not interpreted correctly

retag add tags

I am having difficulty sniffing DVB-S2 packets.

To check that Wireshark is working as advertised, I downloaded the file: SampleCaptures/dvb-s2_bb_example.pcap from the Wireshark DVB-S2 wiki page. I passed it into Wireshark, but saw only Ethernet, UDP and ARP packets, not DVB-S2 packets as the screenshot on the wiki page shows. Adding the suggested filter: dvb-s2_modeadapt or dvb-s2_bb or dvb-s2_gse leaves no packets at all, as does using each of those filters in isolation. I have tried this on Ubuntu 16.04, Ubuntu 18.04 and Raspberry Pi 3B+, each with stock Wireshark from the OS repo.

I can't find any reference to this problem in the bug reports.

Any suggestions?

You need to enable the dvb_s2_udp dissector, from the DVB-S2 page on the Wireshark wiki:

In the protocol preference settings the DVB-S2 dissector can be globally enabled or disabled. This setting defaults to "disabled".

In Wireshark use the menu item Analyze -> Enabled Protocols..., search for "dvb" and check the box for dvb_s2_udp.

23.8k

grahamb

answered 2019-08-13 10:03:39 +0000

edit flag offensive 0 remove flag delete link

Comments

Thanks very much! Odd that's it's just the DVB-S2 UDP director that's disabled by default.

James Card (2019-08-13 12:00:54 +0000) edit

There's a few others. For the DVB-S2 it's a heuristic dissector rather than port based and the heuristics are weak so it can easily misidentify traffic.

grahamb (2019-08-13 12:17:15 +0000) edit

Ah, that makes sense. Thanks for explaining.

James Card (2019-08-13 18:26:52 +0000) edit

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

dvb-s2 example pcap file not interpreted correctly edit

Comments

1 Answer

Comments